Abstract: Examples of systems are described herein which may dynamically allocate compute resources to recovery clusters. Accordingly, a recovery site may utilize fewer compute resources in maintaining recovery clusters for multiple associate clusters, while ensuring that, during use, compute resources are allocated to a particular cluster. This may reduce and/or avoid vulnerabilities arising from a use of shared resources in a virtualized and/or cloud environment.

Abstract: A method for processing a message received via an electronic communication network by a user terminal is disclosed. The method comprises receiving the message, the message including data corresponding to an initial message content determined by a sender of the message and at least one data item corresponding to a function, the at least one data item being determined by the sender of the message; and determining a final content, the final content including the initial message content determined by the sender of the message and a specific content obtained by determining a result of the function applied to at least data from the user terminal.

Abstract: Techniques are provided for managing host connectivity to a data storage system. A host connectivity management system receives a request from a host system to connect to a data storage system. The data storage system includes storage nodes which include storage volumes, and each storage node includes multiple ports to enable connection to the storage node. The host connectivity management system determines a subset of ports, among all available ports of the storage nodes, to assign to the host system for use by the host system for connecting to the storage nodes of the data storage system to access the storage volumes. The host connectivity management system sends connection information to the host system to enable the host system to connect to the data storage system, wherein the connection information includes port identifiers associated with the subset of ports assigned to the host system.

Abstract: A method and system may be provided for recording discussions about computer code in an integrated development environment (“IDE”). In some aspects, a communication channel is integrated with an IDE. Communications and discussions may be tracked and linked with specific code sections.

Abstract: Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity.

Abstract: A method and an apparatus are provided for deploying a security access control policy in the field of network security. The method, executed by a cloud management platform, includes: determining, according to an application creation instruction, an application template used for an application that needs to be created and a security profile corresponding to the application template; instructing a virtualization platform to create, according to the application template, a corresponding virtual machine for each application component in the application, and obtaining an IP address of each virtual machine created by the virtualization platform; generating a group of security access control policies corresponding to the application according to the IP address of each virtual machine and by using the security profile; and delivering the group of security access control policies to a corresponding firewall. Therefore, a security access control policy is automatically deployed.

Abstract: A method for maintaining a material data blockchain (MDC) is disclosed. The method includes receiving a material data block (MDB), wherein the MDB includes a metadata portion and a payload portion. The method further includes extracting a first sequence from the metadata portion and generating a genomic engagement factor (GEF) based on the sequence, a genomic differentiation object assigned to the creator VDAX, and genomic regulation instructions (GRI) that are maintained by the creator VDAX. The method further includes generating a creator value corresponding to the MDB based on the first GEF and the MDB and digitally signing the MDB with the creator value. The method includes providing the unnotarized MDB to one or more notary cohorts; and receiving a respective notary value from each of the notary cohorts, wherein each notary value is generated using respective GRI and genomic differentiation object maintained by a respective notary.

Abstract: According to one embodiment, an I/O command control apparatus receives authorization information. The authorization information indicates whether or not to permit an execution of an I/O command. The apparatus verifies whether the received authorization information is not tampered with, and whether the received authorization information is issued from a known authorization server. In a case where the authorization information is not tampered with, and is issued from the known server, the apparatus verifies whether or not the authorization information permits to execution of the I/O command. The apparatus permits or prohibits the execution of the I/O command or execution of a control command generated from the I/O command, based on the authorization result.

Abstract: Aspects of a data environment, such as various capacities of data stores and instances, can be managed using a separate control environment. A monitoring component of the control environment can periodically communicate with the data environment to obtain performance information. The information is analyzed, using algorithms such as trending and extrapolation algorithms, to determine any recommended scaling of resources in the data environment. The scaling can be performed automatically, or as authorized by a customer. A workflow can be instantiated that includes tasks necessary to perform the scaling. The scaling of storage capacity can be performed without affecting the availability of the data store.

Abstract: A system and method for selecting alternate global positioning system coordinates is provided. The system generally comprises a geolocation device, processor operably connected to the geolocation device, and non-transitory computer-readable medium having instructions stored thereon. The instructions instruct the system to select alternate GPS coordinates based off geospatial data received by the processor as well as parameters of the system that may limit the alternate GPS coordinates in which the system may select. The parameters may be selected within a user interface of the system.

Abstract: There is provided a verification apparatus including: an acquisition unit configured to acquire each of control data that causes artificial intelligence to function in an apparatus and learning data of the control data; and a verification unit configured to verify the acquired control data on the basis of the control data obtained as a result of performing learning with use of the acquired learning data, and on the basis of the acquired control data.

Abstract: Examples of the present disclosure describe systems and methods for malicious software detection based on API trust. In an example, a set of software instructions executed by a computing device may call an API. A hook may be generated on the API, such that a threat processor may receive an indication when the API is called. Accordingly, the threat processor may generate a trust metric based on the execution of the set of software instructions, which may be used to determine whether the set of software instructions poses a potential threat. For example, one or more call stack frames may be evaluated to determine whether a return address is preceded by a call instruction, whether the return address is associated with a set of software instructions or memory associated with a set of software instructions, and/or whether the set of software instructions satisfies a variety of security criteria.

Abstract: A method includes, in response to receiving an email message, detecting one or more artifacts within an email message, wherein each of the artifacts is associated with a payload; for each artifact, generating, a descriptor object representing the artifact that does not include the payload, so that the processor is prevented from accessing the payload via the descriptor object; and at least one payload button based on the payload associated with the artifact for causing the payload to be transmitted to an external system for analysis of the payload; and presenting an artifact dashboard in a graphical user interface (GUI) rendered on a display of the email security system, the artifact dashboard displaying, for each artifact, the descriptor object representing the artifact and the at least one payload button based on the payload associated with the artifact.

Abstract: In an analysis system in which a plurality of analysis apparatuses and a server are communicably connected, the plurality of analysis apparatuses each includes: an apparatus body that measures a sample; and an information processor that analyzes measurement data by the apparatus body. The information processor has a first storage unit for storing the measurement data and an analysis result of the measurement data, generates an analysis result summary based on the analysis result stored in the first storage unit, the analysis result summary indicating an outline of the analysis result, and transmits the analysis result summary to the server. The server has a second storage unit, and constructs a database in which analysis result summaries received from the information processor are accumulated, and stores the database into the second storage unit.

Abstract: A relay server, an authentication system, and a relay method. The relay server receives an authentication request including authentication parameters from a device, determines whether the authentication parameters included in the authentication request are sufficient for an authentication process performed at an authentication server, assigns one or more missing authentication parameters to the authentication request when the authentication parameters included in the authentication request are determined to be insufficient, and relays the authentication request to the authentication server.

Abstract: Described herein is a system and method for detecting a layout table by a screen reader. Information regarding a document being displayed by an application is received from an application programming interface of a user interface automation system that provides information regarding user interface elements of application and/or the application. The information includes an indication that the document comprises a table. A determination is made as to whether the table is a data table or a layout table based upon the received information using a rule-based heuristic. When it is determined that the table is a layout table, presentation information associated with the layout table can be skipped over, and, cell data content within the layout table provided. Thus, for a determined layout table, the system and method allow the screen reader to act as if the containing table doesn't exist, but still read the content.

Abstract: An inline network traffic monitor is deployed inline between two endpoints of a computer network. A particular endpoint of the two endpoints works in conjunction with the inline network traffic monitor to decrypt encrypted network traffic transmitted between the two endpoints. A series of Change Cipher Spec (CCS) messages is exchanged between the inline network traffic monitor and the particular endpoint during a Transport Layer Security (TLS) handshake between the two endpoints. The series of CCS messages allows the particular endpoint and the inline network traffic monitor to detect each other on the computer network. After detecting each other's presence, the particular endpoint sends the inline network traffic monitor a session key that is used by the two endpoints to encrypt their network traffic. The inline network traffic monitor uses the session key to decrypt encrypted data of the network traffic transmitted between the two endpoints.

Abstract: Signal, data transmission, and/or encryption units generating a cryptographic code using a cryptographic key before writing to a pseudorandom noise buffer memory. The PRN code generator comprises a first processor generating a PRN code from initial data using a cryptographic key. A second processor generates sections of the PRN code for integrity check purposes through computation using the same cryptographic key and initial data. Within the PRN code generator and before temporary storage of the PRN code in the buffer memory, there is a comparison device for comparing at least one duplicated section of the PRN code sequence cryptographically generated by the first processor with the section computed by the second processor. A blocking, stop and/or alarm function is activated in the comparison device and triggered on the basis of a predefined degree of matching between the section obtained through duplication and the computed section.

Abstract: The disclosure provides an approach for cross-network communication by self-replicating applications. Embodiments include identifying, by a first instance of a self-replicating application on a first computing device having a first network connection to a parent component, a second computing device that is connected to the first computing device via a second network connection. Embodiments include self-replicating, by the first instance of the self-replicating application, across the second network connection to produce a second instance of the self-replicating application on the second computing device. Embodiments include initiating, by the first instance of the self-replicating application, a proxy tunnel on the first computing device. Embodiments include receiving, by the proxy tunnel, a first communication from the second instance of the self-replicating application via the second network connection.

Abstract: Methods and systems are described herein for identifying a location of a user prior to sending a notification and/or tailoring notification delivery and/or receipts to a determined location of the user. In many contexts, the delivery or receipt time of these notifications is important. For example, the message may include time-sensitive information or may have been targeted based on delivering (or being received at) an optimal time. The system may determine a time zone identifier by recording a user's default or home location based on known account data and establishing a transaction data stream for identifying transactions that are outside of a radius of the default location. Upon detecting transactions outside the default location, the system may update an account of the user with a temporary location. The system may then determine a delay based on this temporary location.

Abstract: A multi-device digital rights management server is provided. The server may include, but is not limited to, a processor communicatively coupled to a communications system and a memory, the processor configured to receive, from the communications system, a request to transfer digital content from a first user device to a second user device, update, upon receipt of the request, digital rights management data stored in the memory to enable both the first user device and the second user device to consume the digital content, receive, from the communications system, notice that one of the first user device and the second user device is consuming the digital content, update, upon receipt of the notice, the digital rights management data to disable the other of the first user device and the second user device from consuming the digital content.

Abstract: Aspects of the present disclosure provide techniques for encrypted data management. Embodiments include determining an encrypted data item in a data store that is related to a request from a data consuming user. Embodiments include determining a data owning user and an encryption key that correspond to the encrypted data item based on a key identifier associated with the encrypted data item. Embodiments include determining one or more additional encrypted data items and one or more additional encryption keys that correspond to the data owning user based on key identifiers associated with the one or more additional encrypted data items. Embodiments include generating a single data access ticket comprising information about the data consuming user, the data owning user, the encryption key, and the one or more additional encryption keys.

Abstract: Embodiments of the present application provide a method for acquiring information of access resources, a terminal device, and a base station. A terminal device detects a synchronization signal of a cell to be accessed by the terminal device. The terminal device further receives a broadcast channel of the cell on a broadcast channel resource. The terminal device then determines a resource on which the cell is located according to resource indication information carried in the broadcast channel. The broadcast channel resource corresponds to an actual access resource, and the synchronization signal is detected on the actual access resource. The actual access resource is one of a plurality of candidate access resources of the cell. The resource indication information indicates a location relationship between the actual access resource and the resource on which the cell is located.

Abstract: A system and method of verifying the identity of a user or registrant. The user or registrant provides identification information and registration information. The identification information may be a visual representation of an identifying item associated with location information. In some embodiments, the identification information may be a visual representation of a government issued identity. An identification module verifies the identification information and compares the verified identification information to the registration information.

Abstract: A method of controlling access to at least one access point is provided. The method comprising: transmitting, using a requesting device, an access request to an access device; generating, using the access device, an authorization information request in response to the access request; generating an authorization request in response to the authorization information request; transmitting, using the requesting device, the authorization request to an authorization service; generating, using the authorization service, an authorization token in response to the authorization request; transmitting, using the authorization service, the authorization token to the requesting device; transmitting, using the requesting device, the authorization token to the access device; validating, using the access device, the authorization token; and adjusting, using the access device, at least one access point.

Abstract: Presented herein are systems and methods for end-to-end encryption for session-less communications. A first server may receive, from a second server, a request to retrieve keys for a customer device to access a service. The request may include a device identifier and a first token encrypted using a first encryption key. The first server may determine, responsive to validating, that the customer device is to be issued a second token. The first server may identify least a portion of the first token decrypted using the first encryption key. The first server may generate a set of second encryption keys to be used by the customer device. The first server may package the second token to include (i) at least the portion of the first token and (ii) the set of second encryption keys. The first server may transmit, to the second server, a response including the second token.

Abstract: In a method for using a smart link to access a digital resource, a smart link access request is received from an electronic device interacting with a smart link, wherein a smart link provides access to at least one destination digital resource of a plurality of destination digital resources associated with the smart link. The at least one destination digital resource to access is determined based at least on the smart link access request. The electronic device is directed to the determined at least one destination digital resource.

Abstract: An information apparatus includes circuitry to receive a communication request transmitted from a request source device. The communication request is one of a plaintext communication request and a ciphertext communication request. In response to receiving the plaintext communication request, the circuitry transfers the plaintext communication request for processing. In response to receiving the ciphertext communication request, the circuitry decrypts the ciphertext communication request to obtain another communication request and transfers the another communication request for processing.

Abstract: In an embodiment, an application-provisioning framework of a database platform receives a provisioning request from a requesting entity, requesting provisioning of an application for a customer account of the database platform. In response to receiving the provisioning request, the application-provisioning framework retrieves, from data storage, an application-provisioning blueprint document that lists one or more database objects. The application-provisioning framework provisions, according to the retrieved application-provisioning blueprint document, the one or more listed database objects in a database associated in the database platform with the customer account.

Abstract: A metadata-based scientific data characterization method, system, and computer program product include requesting a user input for a task to specify a rule for the task to determine a quality and a relationship of a data file in a data file database based on metadata associated with the data file, processing a user feedback of results using the rule run on the data file database and tracking the user feedback on the results in order to learn from the user feedback, and based on the learning, creating a modified rule to determine a quality and a relationship of a second data file.

Abstract: A system, method, and apparatus for implementing workflows across multiple differing systems and devices is provided herein. During operation, a security level at an entry point will be increased temporarily when a camera moves its field of view away from the entry point. The security level will return to its original state when the camera moves its field of view back to the entry point.

Abstract: A system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, the system including functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.

Abstract: A disclosed method of operating a representational state transfer (REST) server to respond to receiving a batch request includes: extracting a first requested item from the batch request; opening an output stream to a client network; writing a response opening of a batch response to the output stream; writing a first response item opening of the batch response to the output stream; in response to determining that a first REST service indicated by the first requested item is authorized to be invoked based on access control lists (ACLs), invoking the first REST service to stream a first response item body of the batch response to the output stream; writing a first response item closing of the batch response to the output stream; and writing a response closing of the batch response to the output stream, wherein the batch response is in valid JavaScript Object Notation (JSON).

Abstract: A method, an apparatus, and a system for collecting an access control list (ACL), where a second network device receives a first link-state advertisement (LSA) packet flooded by a first network device, where the first LSA packet includes a first network device identifier and first ACL information, and the first network device and the second network device belong to a same Interior Gateway Protocol (IGP) area, and sends an extended first Border Gateway Protocol-Link State (BGP-LS) packet to a controller, where the extended first BGP-LS packet includes the first network device identifier and the first ACL information such that the controller can collect ACL information of the first network device and manage the ACL information of the first network device.

Abstract: Multi-mode interfaces having secure alternate modes are disclosed. An example method includes exposing to a device, during a first alternate mode negotiation session, an availability of a first secure alternate mode on a host, authenticating the device to the host using the first secure alternate mode, and responsive to the device being authenticated, exposing to the device a second secure alternate mode.

Abstract: The present disclosure provides data-driven methods and apparatuses for predicting user inquiries. One exemplary method includes: collecting user behavior data and pre-processing the user behavior data when a user inquiry is received; extracting candidate user behavior data that is contributive to the user inquiry from the pre-processed user behavior data; screening the candidate user behavior data based on a set target behavior data set, and selecting candidate user behavior data that is contained in the target behavior data set; inputting the screened candidate user behavior data into a trained classifier model; and predicting an inquiry category to which the user inquiry belongs. One exemplary apparatus includes a pre-processing module, an extraction module, and a prediction module. The method and the apparatus embodiments of the present disclosure can improve the efficiency and accuracy of the prediction.

Abstract: Electronic multi-user forms are provided. The use of these forms may include displaying the forms to more than one user, receiving population data from one or more user, and selectively displaying the population data to each user. The population data may be displayed to the various users based on the security authorization of the user seeing the form. Upon completion of the form by the users, the form may be further completed and submitted for processing or approval.

Abstract: Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, an non-session-based L2 frame destined for the second client device. The first router forms an L3 packet comprising an L3 header specifying L3 addresses of the first and second routers and a protocol selected based on an L3 service for the L2 frame, a payload comprising the L2 frame, and metadata comprising a session identifier distinctly identifying the L2 frame, and forwards the L3 packet to the second router. The second router recovers the L2 frame from the payload and forwards the L2 frame to the second client device.

Abstract: An apparatus has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to store identity attributes including real identity attributes for a real individual and at least two sets of digital identity attributes each operative as a personal privacy proxy with compartmental identity attributes. The at least two sets of digital identity attributes each include a digital identity name, a digital identity mobile device number and a digital identity email address. The at least two sets of digital identity attributes are evaluated to produce a similarity measure. The real individual is provided with a recommendation based upon the similarity measure.

Abstract: An administrator installs a key management agent on a previously approved client machine. The agent is started on the client machine, which posts requests for keys to a central key management service. The central key management service logs requests posted to it by clients, and checks for existing pre-approval records. If none are found, a message is typically sent to an approver for the requesting client machine. When a request is verified as approved, the request is flagged for further processing. The supported systems continuously or periodically look for records flagged for processing, use requests to generate keys and other appropriate elements for the requesting client machine, and post keys and other elements to the key management database. The key management agent polls the central key management service periodically until finding the expected key file, which it downloads and installs into a protected file location on the client machine.

Abstract: Preemptive caching within content/name/information centric networking environment is contemplated. The preemptively caching may be performed within content/name/information centric networking environments of the type having a branching structure or other architecture sufficient to facilitate routing data, content, etc. such that one or more nodes other than a node soliciting a content object also receive the content object.

Abstract: One embodiment provides a method, including: receiving, at an information handling device in a low power mode, a wake indication; waking, responsive to the receiving, the information handling device from the low power mode; receiving, at the awoken information handling device, context data obtained by at least one other device; and performing an action based on the received context data. Other aspects are described and claimed.

Abstract: There is provided a method to eliminate data-theft through a phishing website by creating a layer of control between the user and the website to be visited that prevents submission of sensitive data to malicious servers. When there is a form submit event in a webpage, the data that is input (by the user or automatically) is modified by a data deception layer in a random manner that disguises the authentic content, while preserving the format of the data. Visual cues are provided to indicate that the data deception is enabled and that fake/generated data is being submitted instead of real data. The generated fake data is sent to unknown (potentially malicious) server while the users' actual private data is preserved (never submitted), with the results of the server response visible to the user.

Abstract: The present disclosure provides a method and apparatus for skill sharing. A user's first click operation on a sharing link of a first skill is received; and the page jumps to a skill development page according to the first click operation, where the skill development page includes an input box of a link and an import button, and the input box is used to input a sharing link of a skill, while the import button is used to input an import instruction of the skill; and the first skill is imported into a skill development platform according to a user operation. By generating a sharing link of the skill, the sharing link of the skill can be shared within any location in existing sharing ways. The sharing manner thus enables the user to import the first skill in a variety of ways and avoids repeated development from different developers.

Abstract: A multipath device for processing multipath data traffic, the multipath device comprising: a multipath network access interface for receiving multipath data traffic; and a host processor configured to process a plurality of multi-connectivity network protocols. A specific multi-connectivity network protocol of the plurality of multi-connectivity network protocols is configured to utilize protocol-specific resources of the multipath device for processing a portion of the multipath data traffic that is related to the specific multi-connectivity network protocol. The specific multi-connectivity network protocol is configured to share the network protocol-specific resources with other multi-connectivity network protocols which are configured to process portions of the multipath data traffic that are related to the other multi-connectivity network protocols by distributing payload data transport onto multiple sub-flows of a multipath connection.

Abstract: Methods, systems, computer readable media, and apparatuses for providing enhanced content are presented. Data including a first program, a first caption stream associated with the first program, and a second caption stream associated with the first program may be received. The second caption stream may be extracted from the data, and a second program may be encoded with the second caption stream. The first program may be transmitted with the first caption stream including first captions and may include first content configured to be played back at a first speed. In response to receiving an instruction to change play back speed, the second program may be transmitted with the second caption stream. The second program may include the first content configured to be played back at a second speed different from the first speed, and the second caption stream may include second captions different from the first captions.

Abstract: There is provided a mechanism for having an operator of an IP network that is applied for transferring the media transfer session stream for an IP Multimedia Subsystem, IMS, call to relate this stream to a specific operator of the home-network of the calling party User Equipment. By having, e.g., a Session Border Gateway, SBG, insert a specific signature, associated with the operator sourcing the media transfer session for the calling party UE, into the path carrying the media transfer session stream, the operator of the IP transport network is, by discovery of the specific signature, and its characteristics enabled to discover the operator sourcing the media transfer session.

Abstract: A web filtering system efficiently controls whether to permit access to a website. The web filtering system includes a first database and a first computer in the server side, and a second database and a second computer in the client side. The first database stores URLs of websites and categories corresponding to the URLs, while the second database stores periodically delivered records constituting part of all records stored in the first database. When an access request to a website occurs, the second computer first tries to determine a category corresponding to a URL of the website by using the second database. Then, when the category is not determined here, the first computer executes determination by using the first database. Thus, the web filtering system minimizes the communication amount between the server side and the client side and shortens the response time required for the control of access requests to websites.

Abstract: Systems, devices, and methods for controlling access to vehicles in rental, loaner, shared-use, and other vehicle fleets. Some of the present systems, devices, and methods use encrypted virtual keys that can be relayed to a vehicle computing device via a user's mobile device. Such virtual keys can be command-specific such that successful use of a virtual key results execution of a predetermined command or group of commands, and further commands require one or more additional virtual keys with the additional commands. Others of the present systems, devices, and methods provide tools: for provisioning or initial pairing of vehicle computing devices with corresponding vehicles, identifying and permitting a user to select locally available vehicles, prompting vehicle computing devices to retrieve pending commands from a server, and/or various other functions described in this disclosure.

Abstract: Some embodiments of the present inventive concept provide methods for processing unwanted text messages based on reporting of sending telephone in a telecommunications system. The method includes retrieving aggregated data associated with sending telephone numbers from a central repository accessible by a plurality of Carriers. The retrieved aggregated data is analyzed to identify sending telephone numbers that satisfy flagging criteria. The flagging criteria indicates a threat level associated with text messages sent from corresponding telephone numbers. Preventative and/or remedial action is implemented for each telephone number identified as satisfying flagging criteria. A severity of the preventative and/or remedial action is directly correlated with the threat level associated with the flagging criteria. Each of these sending telephone numbers is actively monitored.